Bitdefender, the critical darling in internet security, appears to have been hacked and is now embroiled in a dangerous extortion plot that’s putting its over 400 million customers at risk.
Friday July 24th 2015: A hacker going by the handle DetoxRansome (DR) first attempted to blackmail the company via Twitter, writing “I want 15,000 us dollars or I leak your customer base”. This message was then followed by a tweet containing login credentials for two Bitdefender staff members’ accounts and another belonging to a customer.
Saturday July 25th 2015: DetoxRansome made his second attempt to monetize Bitdefender’s freshly stolen data, as well as the exploit with which he procured it. DR posted a listing on a Pastee page detailing the private sale of what he later described in an email as “access to all usernames and passwords persistently to their (Bitdefender) flagship products”. He posted a sample of what he had stolen, which contained the plaintext usernames and matching passwords for over 250 active Bitdefender accounts; Travis Doering and Bitdefender were able to confirm many of them as active accounts. In the body of the Pastee post DR also wrote: “This is a sample I have more, email for details of the hole (EMAIL REDACTED)”. Those words then launched an online bidding war for the stolen credentials and details of the exploit used by DR.
Screenshot provided by our source shows DetoxRansome’s price negotiations.
Tuesday July 28th 2015: As he describes in the emails provided by our source, DR began exploiting the usernames and passwords to breach many of Bitdefender’s clients. “this has the potential of being huge as I’m able to sniff all customer usernames and passes gov mil pharm etc this is big as i was able to hack posworks.com.au by using this” DetoxRansome writes. In his attempt to impress the potential buyer, DR also sent screenshots of himself accessing the enterprise security solutions page of many companies. DR claimed that “I can login to there full enterprise security solutions i have their logins to their shit not just customers”.
A screenshot sent by DetoxRansome shows he has access to Bitdefender’s enterprise security solutions for POS Works.
A screenshot sent by DetoxRansome shows he has access to Bitdefender’s enterprise security solutions for another Bitdefender client.
Reached by Travis Doering late Monday evening, Bitdefender’s Marius Buterchi confirmed the hacking of accounts, and said the company was “Aware of the issue and have reset the passwords for the customers whose credentials have been made public.” He added, “They are actively investigating how these passwords were made public.”
Recreation footage shows Bitdefender’s user data being sniffed.
When asked how DetoxRansome was able to procure the usernames and passwords, he responded that “I’m sniffing one of their major servers stealing logins”
While DetoxRansome’s claim of having access to their network could not be confirmed, if it is indeed the case, then Bitdefender’s current remedy of resetting the passwords and credentials in the wild will have little to no effect as long as DetoxRansome is able to maintain his presence inside Bitdefender’s network.
Changing your Bitdefender password may or may not have any effect at this point, depending on whether DetoxRansome’s claims are true. We do recommend, however, that if you are in the habit of sharing the same password across multiple sites, you change the credentials on any other accounts that share the same password as your Bitdefender login.